Lucene search
K

33949 matches found

OSV
OSV
added 2026/05/03 4:10 p.m.8 views

MAL-2026-3309 Malicious code in google-cloud-secret-manager-config-poc (npm)

Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...

5.7AI score
Exploits0References1
EUVD
EUVD
added 2026/05/03 12:30 p.m.9 views

EUVD-2026-26834

A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This impacts an unknown function of the file /SubstationWEBV2/main/uploadH5Files. The manipulation of the argument File results in unrestricted upload. The attack may be launched...

6.5CVSS6.2AI score0.00224EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 12:15 p.m.6 views

CVE-2026-7695 Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform elecMaxMinAvgValue sql injection

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 12:15 p.m.6 views

EUVD-2026-26833

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 8:45 a.m.7 views

Malicious code in sf-vmeval-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/03 8:45 a.m.8 views

MAL-2026-3242 Malicious code in sf-vmeval-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a8fa27c8dc6bf13a4f5d92f14414a4f5efc08c1df7f33591a010b4f824e84bc1 During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/05/03 5:15 a.m.27 views

CVE-2026-7678

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS0.00196EPSS
Exploits0References4
NVD
NVD
added 2026/05/03 5:15 a.m.16 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS0.00414EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 4:15 a.m.19 views

CVE-2026-7679

YunaiV yudao-cloud (up to 2026.01) is affected. The flaw resides in OAuth2TokenServiceImpl.java (getAccessToken) where manipulation leads to improper authentication. The issue is exploitable remotely with a PROOF-OF-CONCEPT exploit and no remediation details are provided in the available document...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 4:15 a.m.8 views

CVE-2026-7679

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/03 4:15 a.m.41 views

CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS0.00414EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 4:15 a.m.3 views

CVE-2026-7679 YunaiV yudao-cloud OAuth2TokenServiceImpl.java getAccessToken improper authentication

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 4:15 a.m.20 views

EUVD-2026-26814

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication...

7.5CVSS6.8AI score0.00414EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/03 4:0 a.m.12 views

EUVD-2026-26813

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/03 4:0 a.m.6 views

CVE-2026-7678

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/03 4:0 a.m.47 views

CVE-2026-7678 YunaiV yudao-cloud GoViewDataServiceImpl.java getDataBySQL sql injection

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attac...

6.5CVSS0.00196EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 4:0 a.m.18 views

CVE-2026-7678

CVE-2026-7678 affects YunaiV yudao-cloud (up to 2026.01). The vulnerability is in GoViewDataServiceImpl.java (yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java) where user-controlled input can influence SQL execution, resulting in SQL injection ....

6.5CVSS6.4AI score0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.7 views

yudao-cloud 授权问题漏洞

Yudao-Cloud is a backend management system developed by YunaiV’s individual developer. Versions of Yudao-Cloud prior to 2026.01 contained an authorization issue vulnerability. This vulnerability originated from the function getAccessToken in the file...

7.5CVSS7.1AI score0.00414EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.11 views

PT-2026-36727

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 3.8.1 Description An authentication bypass exists in the Ruoyi-Vue-Pro component. Manipulation of the mock-token argument within the doFilterInternal function of the JwtAuthenticationTokenFilter.java file...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.9 views

PT-2026-36722

Name of the Vulnerable Software and Affected Versions JD Cloud JDCOS version 4.5.1.r4518 Description A flaw in the Service Interface component allows remote command injection. The issue exists within the set iptv info function of the '/jdcap' file, where improper handling of the vid argument...

6.5CVSS6.8AI score0.01158EPSS
Exploits0References8
Rows per page
Query Builder